CVE-2024-2913— Race Condition Vulnerability in mintplex-labs/anything-llm

EPSS 0.11% · P30 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-2913

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Race Condition Vulnerability in mintplex-labs/anything-llm

Source: NVD (National Vulnerability Database)

Vulnerability Description

A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multiple concurrent requests to accept a single user invite, allowing the creation of multiple user accounts from a single invite link intended for only one user. This bypasses the intended security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection in the invite tab. The issue is due to the lack of validation for concurrent requests in the backend.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

检查时间与使用时间(TOCTOU)的竞争条件

Source: NVD (National Vulnerability Database)

Vulnerability Title

AnythingLLM 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

AnythingLLM是符合业务要求的文档聊天机器人。 AnythingLLM存在安全漏洞，该漏洞源于攻击者可以通过发送多个并发请求来接受单个用户邀请，从而允许从仅针对一个用户的单个邀请链接创建多个用户帐户。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
mintplex-labs	mintplex-labs/anything-llm	unspecified ~ latest	-

II. Public POCs for CVE-2024-2913

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-2913

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: mintplex-labs/anything-llm

Same vendor: mintplex-labs

Same weakness: CWE-367

V. Comments for CVE-2024-2913

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-2913— Race Condition Vulnerability in mintplex-labs/anything-llm

I. Basic Information for CVE-2024-2913

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-2913

III. Intelligence Information for CVE-2024-2913

IV. Related Vulnerabilities

V. Comments for CVE-2024-2913

Leave a comment